This relates generally to electronic devices, and more particularly, to improving the security on an electronic device.
Portable electronic devices such as cellular telephones are sometimes provided with near field communications (NFC) circuitry that allows the electronic devices to perform contactless proximity-based communications with a corresponding NFC reader. Oftentimes, the NFC circuitry in a user device is used to carry out financial transactions or other secure data transactions that require the user device to verify and access a commerce credential such as a credit card credential. The secure data that is necessary for performing such mobile financial transactions is typically stored on a secure element within an electronic device. The electronic device may also include a processor that communicates with the secure element.
When a user obtains an electronic device, the user may elect to provision one or more payment cards onto the device, which results in secure data being provisioned onto the secure element. Consider, for example, a scenario in which the user decides to sell his/her device to another user. In such scenarios, it may be desirable for the original user to erase all secure data from the secure element before giving his/her device to the new user so that the new user would not be able to use the device to make payments with the original user's credentials. Commands for performing such deletion of secure data from the secure element are typically sent from the processor to the secure element. It is sometimes possible, however, for the processor to be infected with malicious software (or “malware”) that can somehow prevent the secure data from being erased from the secure element (i.e., by preventing the deletion command from being sent to the secure element). In such instances, it is possible for the new user to use the newly acquired electronic device to perform mobile transactions without permission from the original owner.
This can be particularly problematic when a user loses his/her device or when a device is stolen from an authorized user. In such scenarios, it is possible for the new, unauthorized user to perform financial transactions using the lost/stolen phone. It would therefore be desirable to provide ways to improve the security of electronic devices.